maiovegas.blogg.se

Wireshark display filters






All right, so I'll take that off, and I want to just show you something down below here. But while I'm using it in a display filter, I'll also capture other types of traffic. Now I can type ftp and just select that, and I would be able to capture ftp data. It never has, and it may work at some point, but at this point, a capital letter on the left-hand side won't work.

The other thing is when I start typing, if I were to type a capital FTP, it won't work. Green means it's good, and yellow means go ahead and try it. Now, what happens in Wireshark is it's trying to help you. Now, while I was typing that, I think you noticed something: it's red. Now, I'll just type ftp, and it does come up with some choices, but if it just is ftp, I'll leave it at that. So if I go up to the display filter, and well, say, for example, I want to just display ftp traffic. And I want to just show you one important thing, and why they're different is because this comes from the capture engine and the display filter is within Wireshark and the dissectors and the decodes. So let's take a look at the interface here. And also when you're working with display filters, there are shortcuts for those display filters where you can simply right-click, and I'll do that during demonstrations and show you how to easily get and apply a filter. One important thing to know is that they are different.

A display filter is used during an active capture or even on pre-captured packets. A capture filter is applied prior to capture and will only capture what you filter, nothing else. While you're working with Wireshark, you can use capture and display filters.







